This invention relates to identity verification and is particularly concerned with computer system security and a method and apparatus for identity verification of remote user terminals.
The unauthorized access of remote user terminals via modems and telephone lines to central computer systems and data bases presents a significant data security problem. Generally, data communication equipment includes a modem at the central computer and a dial-up modem at the remote user terminal. Establishing communication with the central computer by the remote user terminal generally comprises the following preliminary procedure. The remote user dials the telephone number associated with the base modem connected to the central computer. The base modem answers the telephone call and returns a distinctive tone to the caller. The caller then attaches his remote modem to the telephone. The remote modem returns a "carrier" signal to the base modem. The base modem in turn sends a "carrier detect" signal to the computer. The computer then sends a "request to send" signal to the base modem and the base modem in turn sends a "carrier" signal to the remote modem. The remote modem in turn sends a "carrier detect" signal to the remote terminal and the remote terminal is now on line with the computer and is able to communicate directly with the computer.
In many current systems, the remote user needs to enter, after coming on line, a log-on sequence of characters, i.e., a password, in order to open a conversation with the computer. This group of characters or password is unique to each user and is intended to prevent unauthorized access to the computer's data base. However, such password-type data security has proved to be inadequate for several reasons. First, the log-on sequences for most mainframe computers are widely known and thus an unauthorized user need only learn the password character sequence in order to access the computer. The password may be obtained in various ways. For example, most users choose simple passwords which are easily determined because they are related to someone's name, such as that of the user's wife or children. Since the log-on sequence is generally forgiving and will allow an unauthorized user to try successive passwords, repeated and varied attempts may be made to determine the authorized password.
Additionally, many manufacturers store "test" passwords in computers prior to shipment and, in many cases, these test passwords are not changed by the user and remain in the computer. Consequently, knowledgeable users will utilize these test passwords to obtain access to the computer in a manner commonly referred to as the "back door" technique. Breakthrough generators are generally available to automate repeated attempts to determine the password.
A common security measure to prevent unauthorized access is the "call back" method. In the "call back" method, the remote user makes telephone contact as previously described and submits a password. The telephone connection between the remote user and the central computer is terminated and, if a valid password has been submitted to the central computer, an automatic dialer dials a predetermined number for the remote user to reconnect the remote user to the central computer and grant access. Therefore, in addition to password protection, the computer security system ensures that the remote user is at a predetermined telephone number.
The "call back" method has several limitations. First, the verification and access operation is somewhat time-consuming in that it involves making two separate long distance telephone connections. Secondly, there are additional costs for the call back telephone call and these costs are allocated to the telephone services of the central computer rather than the remote user. In data base services, it is desirable to directly allocate such costs to the remote user. Thirdly, the "call back" method does not conveniently lend itself to portable remote terminals such as those used by traveling personnel.
It is the object of the present invention to provide a new and improved method for identity verification.
Another object of the invention is to provide a method and apparatus for verifying the identity of remote user terminals for a central computer system.
A further object of the invention is to provide an identity verification method and apparatus for computer systems which is virtually impervious to unauthorized users.
A still further object of the invention is to provide a method of verification of the identity of remote user terminals which is fast and economical, and maintains direct allocation of long distance telephone costs to the remote user.
Yet another object of the invention is to provide an apparatus for verifying the identity of remote user terminals which functions externally to the computer and blocks out any communication with the computer prior to identity verification.
A further object of the invention is to provide a computer security system which is reliable and convenient to operate.
It has been found that the foregoing advantages and benefits are attained in a method and apparatus for verifying the identity of an authorized remote user terminal for access to a base computer over a telephone line. The method includes providing the authorized remote user terminal with a programmed preselected mathematical algorithm. A random number is generated at the base computer system to be accessed and transmitted to the remote user terminal. The algorithm is performed on the random number at the remote user terminal to calculate a first result. The first result is transmitted from the remote user terminal to the base computer system. The algorithm is performed on the random number at the base computer system to calculate a second result. The first result is compared to the second result and access to the base computer is granted when the first result matches the second result. The method may also include providing the authorized user terminal with a preselected constant and performing the algorithm at the remote user terminal on the random number and the preselected constant to calculate a first result. The algorithm is also performed at the base computer system on the random number and the preselected constant to calculate the second result.
The apparatus for verifying the identity of an authorized remote user terminal includes a base verifying unit interconnected between the base computer and base modem for selectively conducting data between the computer and base modem and a cooperating remote verifying unit interconnected between the remote user terminal and the remote modem. The base verifying unit includes microprocessor means for generating a random number and transmitting the random number to the remote verifying unit and for performing a predetermined mathematical algorithm on the random number to calculate a first result. The base verifying unit also includes means for receiving a second result from the remote verifying unit and comparing the second result to the first result. Control means is provided for controlling the conduction of data to the computer to prevent the conduction of data from the remote user terminal to the computer absent the second calculated result matching the first calculated result and permitting the conduction of data to the computer upon said second calculated result matching said first calculated result. The remote verifying unit includes microprocessor means for receiving the random number from the base verifying unit and performing the predetermined mathematical algorithm on the random number to calculate a second result. The remote verifying unit also includes means for transmitting the calculated second result to the base verifying unit. The base verifying unit and the remote verifying unit can also be provided with a predetermined constant wherein the microprocessor means for performing the predetermined mathematical algorithm comprises means for performing the mathematical algorithm on the random number and the constant to calculate the first and second results respectively.
In a further embodiment of the invention, a method for one member of a group to verify the identity of another member of the group to the exclusion of nonmembers includes providing each member of the group with a preselected mathematical algorithm. A random number is generated at one member and transmitted to the other member. The mathematical algorithm is performed on the random number at the one member to calculate a first result. The mathematical algorithm is also performed on the random number at the other member to calculate a second result. The second result is transmitted from the other member to the one member and the first and second results are compared whereby a match between the first and second results verifies the identity of the other member as a member of the group.
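The exchange described in the three preceding paragraphs (random number out from the base verifying unit, result back from the remote verifying unit, comparison, and a control gate that passes terminal data to the computer only on a match; the group-membership variant is the same exchange between two members) is given here as an added Python example. It is not part of the patent. The patent names no particular algorithm, so HMAC-SHA256 keyed by the preselected constant is assumed; the constant value is constructed, and the class and function names are hypothetical. The modem and carrier-signal plumbing is left out.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Optional

# Constructed value: stands in for the "preselected constant" that both the
# authorized remote unit and the base unit are provisioned with. It is a
# shared secret and has to be protected as one.
SHARED_CONSTANT = b"example-constant-for-terminal-42"


def algorithm(random_number: bytes, constant: bytes) -> bytes:
    """The "preselected mathematical algorithm" both units run.

    HMAC-SHA256 is assumed here: it is keyed by the constant and one-way, so an
    eavesdropper who sees the random number and the result learns neither the
    constant nor a valid result for the next random number.
    """
    return hmac.new(constant, random_number, hashlib.sha256).digest()


class RemoteVerifyingUnit:
    """Sits between the remote terminal and the remote modem."""

    def __init__(self, constant: bytes) -> None:
        self.constant = constant

    def answer(self, random_number: bytes) -> bytes:
        # The remote unit's result: the algorithm applied to the received random number.
        return algorithm(random_number, self.constant)


class BaseVerifyingUnit:
    """Sits between the base modem and the base computer and gates all data."""

    def __init__(self, constant: bytes,
                 rng: Callable[[int], bytes] = secrets.token_bytes) -> None:
        self.constant = constant
        self.rng = rng                         # injectable so a test can fix the random number
        self.conducting = False                # control means: nothing reaches the computer until verified
        self.pending: Optional[bytes] = None   # random number sent, awaiting a result

    def challenge(self, nbytes: int = 16) -> bytes:
        """Generate a fresh, unpredictable random number to send to the remote unit."""
        self.conducting = False
        self.pending = self.rng(nbytes)
        return self.pending

    def verify(self, received_result: bytes) -> bool:
        """Compare the remote unit's result with the locally computed result."""
        if self.pending is None:
            # A result with no outstanding random number is a protocol error: stay closed.
            self.conducting = False
            return False
        expected = algorithm(self.pending, self.constant)
        self.pending = None   # each random number is used once, so a captured result cannot be replayed
        self.conducting = hmac.compare_digest(expected, received_result)  # constant-time compare
        return self.conducting

    def conduct(self, data: bytes) -> Optional[bytes]:
        """Pass terminal data through to the computer only while verified."""
        return data if self.conducting else None


def run_exchange(base: BaseVerifyingUnit, remote: RemoteVerifyingUnit) -> bool:
    """One complete exchange: random number out, result back, compare."""
    random_number = base.challenge()
    return base.verify(remote.answer(random_number))


if __name__ == "__main__":
    base = BaseVerifyingUnit(SHARED_CONSTANT)
    print("authorized terminal:", run_exchange(base, RemoteVerifyingUnit(SHARED_CONSTANT)))
    print("unauthorized terminal:", run_exchange(base, RemoteVerifyingUnit(b"guess")))
```

Two properties carry the scheme: the constant must stay secret (it plays the role the password played, but it never crosses the line), and the random number must be fresh and unpredictable for every exchange, since that is what makes a recorded result worthless the next time. The comparison is done in constant time so that the base unit's timing does not leak how much of a wrong result matched.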
In a further embodiment of the invention, a method for determining and communicating a data encryption key from one member of a select group to another member of the select group includes providing each member of the select group with a predetermined selected mathematical algorithm. A random number is generated at one member and transmitted to another member. The mathematical algorithm is performed on the random number at the one member to determine a result which comprises the data encryption key. The mathematical algorithm is performed on the random number at the other member to also determine the result, i.e., the data encryption key, whereby the data encryption key is determined at both the one member and the other member for use in encrypting and decrypting information for communication between the members.
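The key-determination embodiment above, as an added Python example that is not part of the patent: only the random number travels between the two members, and each member runs the shared algorithm on it to obtain the same data encryption key. HMAC-SHA256 keyed by a constructed group constant is assumed as the unnamed algorithm, and the HMAC-based counter-mode keystream used to encrypt a message with the derived key is an illustrative stand-in chosen so the example runs on the standard library alone; the class and function names are hypothetical.

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

# Constructed value: the constant every member of the select group is
# provisioned with (assumption: the group's shared algorithm is keyed by it).
GROUP_CONSTANT = b"example-select-group-constant"


def derive_key(random_number: bytes, constant: bytes) -> bytes:
    """The shared algorithm; its result is the data encryption key itself.

    HMAC-SHA256 is assumed here. Only the random number crosses the telephone
    line, so an observer who lacks the constant cannot compute the key.
    """
    return hmac.new(constant, b"key:" + random_number, hashlib.sha256).digest()


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter-mode keystream built from HMAC, assumed for illustration only.

    A deployment would key an authenticated cipher (for example AES-GCM) with
    the derived key; this stand-in gives confidentiality but no integrity.
    """
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class Member:
    """One member of the select group."""

    def __init__(self, constant: bytes) -> None:
        self.constant = constant
        self.key: Optional[bytes] = None

    def start(self, nbytes: int = 16) -> bytes:
        """Generate the random number, derive the key, and return what is sent."""
        random_number = secrets.token_bytes(nbytes)
        self.key = derive_key(random_number, self.constant)
        return random_number

    def receive(self, random_number: bytes) -> None:
        """Derive the same key from the received random number."""
        self.key = derive_key(random_number, self.constant)

    def encrypt(self, nonce: bytes, plaintext: bytes) -> bytes:
        assert self.key is not None, "no key established yet"
        return keystream_xor(self.key, nonce, plaintext)

    def decrypt(self, nonce: bytes, ciphertext: bytes) -> bytes:
        assert self.key is not None, "no key established yet"
        return keystream_xor(self.key, nonce, ciphertext)


def establish_and_send(sender: Member, receiver: Member,
                       message: bytes) -> Tuple[bytes, bytes, bytes]:
    """Key establishment followed by one encrypted message.

    Returns (random_number, ciphertext, receiver's decryption) so a caller can
    see what travelled over the line against what each side holds.
    """
    random_number = sender.start()
    receiver.receive(random_number)
    nonce = secrets.token_bytes(8)   # per-message nonce; must never repeat under one key
    ciphertext = sender.encrypt(nonce, message)
    return random_number, ciphertext, receiver.decrypt(nonce, ciphertext)
```

The derived key is only as secret as the group constant, and a different random number yields a different key, so re-running the exchange gives each session its own key without a second transmission. Because this embodiment derives the key without the result ever being sent back, it provides no verification on its own; the verification exchange of the earlier embodiment would have to run first if the sender needs assurance that the receiver is a member.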